Bugzilla – Bug 1217918
VUL-0: tor: UAF and NULL pointer dereference crash on Exit relays (TROVE-2023-007)
Last modified: 2024-05-29 11:16:02 UTC
It was discovered that tor before 0.4.8.10 is affected by an issue (TROVE-2023-007) affecting Exit relays supporting Conflux.

- Improper error propagation from a safety check in conflux leg linking led to a desynchronization of which legs were part of a conflux set, ultimately causing a UAF and NULL pointer dereference crash on Exit relays

References:
https://forum.torproject.org/t/security-release-0-4-8-10/10536
https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE
https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.8/ReleaseNotes
This is an autogenerated message for OBS integration:
This bug (1217918) was mentioned in
https://build.opensuse.org/request/show/1132318 Backports:SLE-15-SP4+Backports:SLE-15-SP5 / tor
openSUSE-RU-2023:0402-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 1217918
CVE References:
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP5 (src): tor-0.4.8.10-bp155.2.9.1
openSUSE Backports SLE-15-SP4 (src): tor-0.4.8.10-bp154.2.21.1
done
Reopening: Missing in Leap 15.6. Please process incoming submission or fix in Leap 15.6 in your chosen way. (bug 1225537)
As per bug 1225537 now also fixed in Leap 15.6, closing